Permissions

Suspect Permissions: An evaluation of direct user-assigned trustees in NCP.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 1

Summary

Create a report to locate all of the directly assigned user permissions in a particular NCP scan target.

Back Story

The customer has a number of volumes where the trustees should only ever be assigned granted via groups. They need a report to locate any permissions that have been granted to the individual user object, so that it can be evaluated.

Information

The scope of the query to limited to NCP trustees in the desired scan target. The scan_target will need to be modified to make it work based on the environment.

Current NCP Trustees

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Summary

Create a report that will display all NCP Trustees in eDirectory.

Back Story

The customer wanted to create a catalog of the NCP trustees for reference purposes.

Information

The scope of the query is eDirectory Tree wide, but can be limited to a particular path by adding a simple where clause.

*Starting in version 2.6.0, the "srs.active_ncp_trustees" database view has been renamed to "srs.current_ncp_trustees". While the "active" version will still with version 3.0 work it has been deprecated.

Current NTFS ACES Without Inheritance

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Summary

How when using the srs.current_ntfs_aces view can I report on the ACES without inheritance?

Explaination

The srs.current_ntfs_aces view includes a field called ace_flags which is a value mask. If this ace_flags value when ANDed with the a decimal value of 16 is equal to 16 than the ACE is inherited. If we therefore mask off that bit mask we can filter off the inherited values.